
COM Surrogate - dllhost.exe *32


  • This topic is locked
71 replies to this topic

#1 Dicko148


Posted 03 April 2014 - 05:02 AM

Hi, I have a problem with dllhost.exe *32 running many processes.

Have downloaded and run Farbar, and the following is the FRST file; the Addition file (Addition.txt) is attached. Any help would be most appreciated.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Richard Office (administrator) on RICHARDOFFIC-PC on 03-04-2014 20:07:57
Running from C:\Users\Richard Office\Desktop\New folder\Temporary Internet Files\Content.IE5\XLE7DOS0
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(MyWebSearch.com) C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(CNET Download.com) C:\Users\Richard Office\Desktop\New folder\Temporary Internet Files\Content.IE5\6ZXPOV3X\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TurboLister Upgrade Helper] - C:\Program Files (x86)\eBay\Turbo Lister2\helper.exe -redist
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-21] (RealNetworks, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-05] (Google Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Ikam] - "C:\Users\Richard Office\AppData\Local\Temp\Tiewwo\ikam.exe" <===== ATTENTION
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [bozlosjorodo] - C:\Users\Richard Office\bozlosjorodo.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [nilyqakuvago] - C:\Users\Richard Office\nilyqakuvago.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Regedit32] - C:\Windows\system32\regedit.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {0e3f61d4-348b-11e0-9dbb-c21e2c5e8269} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {c59deef9-6b01-11e0-b5b2-806e6f6e6963} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\RICHAR~1\AppData\Local\Temp\swvtvpr\smoxfbi\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-30] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-30] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A01F468464ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC67989DD-1868-4B14-B454-31CAD65BF237&SearchSource=55&CUI=&UM=5&UP=SP36E090BF-DEBE-4F51-9CC3-63EA910CD72B&SSPV=
URLSearchHook: HKLM-x32 - FLV Runner Toolbar - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=NiUeXh5Adw9Bj.KxAYfiDw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC67989DD-1868-4B14-B454-31CAD65BF237&SearchSource=58&CUI=&UM=5&UP=SP36E090BF-DEBE-4F51-9CC3-63EA910CD72B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC67989DD-1868-4B14-B454-31CAD65BF237&SearchSource=58&CUI=&UM=5&UP=SP36E090BF-DEBE-4F51-9CC3-63EA910CD72B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {20A46058-3A5B-4703-B05E-856160573F29} URL = http://au.search.yahoo.com/search?fr=mcafee&type=A011AU0&p={SearchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: FLV Runner Toolbar - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKLM-x32 - Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - FLV Runner Toolbar - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: http:\/\/search.conduit.com\/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC67989DD-1868-4B14-B454-31CAD65BF237&SearchSource=55&CUI=&UM=5&UP=SP36E090BF-DEBE-4F51-9CC3-63EA910CD72B&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC67989DD-1868-4B14-B454-31CAD65BF237&SearchSource=58&CUI=&UM=5&UP=SP36E090BF-DEBE-4F51-9CC3-63EA910CD72B&q={searchTerms}&SSPV=
CHR Extension: (Entanglement Web App) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-28]
CHR Extension: (wxDfast) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn [2012-07-20]
CHR Extension: (SiteAdvisor) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-20]
CHR Extension: (RealDownloader) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-01]
CHR Extension: (Skype Click to Call) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-23]
CHR Extension: (Poppit) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-28]
CHR Extension: (Google Wallet) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [ekdjfcdinekpfcedakhpngcnaamhiihn] - C:\ProgramData\wxDfast\ekdjfcdinekpfcedakhpngcnaamhiihn.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit)
S2 gupdate1c9d21c21846a51; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-05-11] (Google Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S4 MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [443752 2007-05-18] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE [28762 2009-10-21] (MyWebSearch.com)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [103992 2007-09-10] (Brother Industries Ltd.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [55552 2005-08-19] (Sonic Solutions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 PxHelp20; C:\Windows\SysWOW64\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-03 20:04 - 2014-04-03 20:07 - 00000000 ____D () C:\FRST
2014-04-03 19:59 - 2014-04-03 19:59 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\SearchProtect
2014-04-03 19:58 - 2014-04-03 19:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-03 19:58 - 2014-04-03 19:58 - 00000000 ____D () C:\AdwCleaner
2014-03-31 21:21 - 2014-03-31 21:22 - 00000000 ___HD () C:\f7f0497
2014-03-31 21:21 - 2014-03-31 21:21 - 00198656 _____ () C:\Users\Richard Office\AppData\Roaming\f7f0497.exe
2014-03-31 21:20 - 2014-03-31 21:25 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Otuwx
2014-03-31 21:20 - 2014-03-31 21:24 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Xereim
2014-03-31 21:20 - 2014-03-31 21:21 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Onsyke
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Yvyw
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Ifodo
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Erkayc
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Equsus
2014-03-21 18:20 - 2014-03-21 18:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00001307 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-03-21 18:20 - 2014-03-21 18:20 - 00000143 _____ () C:\Users\Public\Desktop\RealPlay.url
2014-03-21 18:20 - 2014-03-21 18:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 18:20 - 2014-03-21 18:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 18:18 - 2014-03-21 18:18 - 00001109 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-21 18:17 - 2014-03-21 18:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-14 07:16 - 2014-03-14 07:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 07:16 - 2014-03-14 07:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 07:16 - 2014-03-14 07:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 07:16 - 2014-03-14 07:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 07:10 - 2014-03-14 07:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-13 21:24 - 2014-03-13 21:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-13 17:48 - 2014-03-01 17:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:48 - 2014-03-01 16:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:48 - 2014-03-01 16:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:48 - 2014-03-01 15:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:48 - 2014-03-01 15:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:48 - 2014-03-01 15:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:48 - 2014-03-01 15:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:48 - 2014-03-01 15:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:48 - 2014-03-01 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:48 - 2014-03-01 15:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:48 - 2014-03-01 15:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:48 - 2014-03-01 15:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:48 - 2014-03-01 15:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:48 - 2014-03-01 15:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:48 - 2014-03-01 15:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:48 - 2014-03-01 15:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:48 - 2014-03-01 15:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:48 - 2014-03-01 14:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:48 - 2014-03-01 14:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:48 - 2014-03-01 14:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:48 - 2014-03-01 14:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:48 - 2014-03-01 14:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:48 - 2014-03-01 14:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:48 - 2014-03-01 14:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:48 - 2014-03-01 14:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:48 - 2014-03-01 14:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:48 - 2014-03-01 14:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:48 - 2014-03-01 14:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:48 - 2014-03-01 14:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:48 - 2014-03-01 14:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:48 - 2014-03-01 14:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:48 - 2014-03-01 14:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:48 - 2014-03-01 14:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:48 - 2014-03-01 14:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:48 - 2014-03-01 13:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:48 - 2014-03-01 13:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:48 - 2014-03-01 13:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:48 - 2014-03-01 13:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:48 - 2014-03-01 13:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:48 - 2014-03-01 13:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:48 - 2014-02-07 12:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:48 - 2014-01-29 13:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:48 - 2014-01-29 13:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:48 - 2014-01-28 13:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:45 - 2014-02-04 13:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:45 - 2014-02-04 13:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:45 - 2014-02-04 13:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:45 - 2014-02-04 13:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-04 14:02 - 2014-04-03 19:59 - 00000000 ____D () C:\Users\Richard Office\Documents\Outlook Files
2014-03-04 12:55 - 2014-03-04 12:55 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Citrix
2014-03-04 12:55 - 2014-03-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-04 12:36 - 2014-03-04 12:36 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\McAfee
2014-03-04 12:34 - 2014-03-04 12:34 - 00541592 _____ (McAfee, Inc.) C:\Users\Richard Office\Desktop\MVTInstaller.exe

==================== One Month Modified Files and Folders =======

2014-04-03 20:14 - 2011-08-15 18:41 - 04143616 ___SH () C:\Users\Richard Office\Desktop\Thumbs.db
2014-04-03 20:14 - 2011-03-10 20:14 - 00000420 _____ () C:\Windows\Tasks\Free File Viewer Update Checker.job
2014-04-03 20:07 - 2014-04-03 20:04 - 00000000 ____D () C:\FRST
2014-04-03 20:02 - 2013-09-17 22:29 - 00001887 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-04-03 19:59 - 2014-04-03 19:59 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\SearchProtect
2014-04-03 19:59 - 2014-03-04 14:02 - 00000000 ____D () C:\Users\Richard Office\Documents\Outlook Files
2014-04-03 19:59 - 2009-08-21 14:36 - 00000000 ____D () C:\Program Files (x86)\MSN Games
2014-04-03 19:58 - 2014-04-03 19:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-03 19:58 - 2014-04-03 19:58 - 00000000 ____D () C:\AdwCleaner
2014-04-03 19:56 - 2014-01-11 23:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 19:42 - 2009-08-04 20:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-03 19:29 - 2012-07-22 17:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Samsung
2014-04-03 19:29 - 2012-07-22 17:10 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-03 19:28 - 2009-04-10 04:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 19:26 - 2009-07-01 16:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 19:22 - 2009-10-25 18:55 - 01972419 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 19:14 - 2014-02-10 07:13 - 00005036 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RichardOffic-PC-Richard Office RichardOffic-PC
2014-04-03 19:00 - 2009-10-25 18:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 19:00 - 2009-10-25 18:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 18:57 - 2013-12-17 20:52 - 00000000 ____D () C:\ProgramData\Foresight Software
2014-04-03 18:53 - 2013-04-26 15:20 - 00007682 _____ () C:\Users\Richard Office\AppData\Local\resmon.resmoncfg
2014-04-03 18:44 - 2013-09-17 22:28 - 00000000 __RSD () C:\Users\Richard Office\Documents\McAfee Vaults
2014-04-03 18:41 - 2010-02-05 16:52 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-03 18:38 - 2013-11-28 06:33 - 06566462 _____ () C:\Windows\setupact.log
2014-04-03 18:38 - 2012-08-14 21:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 18:38 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 18:38 - 2009-07-01 16:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 18:25 - 2009-10-25 18:21 - 00000000 ___HD () C:\Users\Richard Office
2014-04-03 18:20 - 2010-08-30 21:09 - 00559104 ___SH () C:\Users\Richard Office\Thumbs.db
2014-04-03 18:10 - 2009-10-25 19:22 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1A7FB5C7-A9AF-4E0F-BAE6-F583749D89F4}
2014-04-02 19:57 - 2009-04-30 22:06 - 00000000 ____D () C:\Users\Richard Office\Documents\Richard's Docs
2014-04-02 07:05 - 2013-11-28 06:32 - 00150794 _____ () C:\Windows\PFRO.log
2014-04-01 19:44 - 2009-12-24 14:05 - 00003051 _____ () C:\InstallHelper.log
2014-04-01 19:39 - 2012-03-26 22:57 - 00000000 ____D () C:\Program Files (x86)\Graboid
2014-04-01 19:38 - 2013-11-15 18:12 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\BitTorrent
2014-03-31 21:25 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Otuwx
2014-03-31 21:25 - 2009-07-07 21:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Real
2014-03-31 21:24 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Xereim
2014-03-31 21:22 - 2014-03-31 21:21 - 00000000 ___HD () C:\f7f0497
2014-03-31 21:22 - 2009-04-22 18:22 - 00000000 ___RD () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 21:21 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Onsyke
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Yvyw
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Ifodo
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Erkayc
2014-03-31 21:20 - 2014-03-31 21:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Equsus
2014-03-29 20:13 - 2009-05-11 20:37 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Google
2014-03-29 18:20 - 2009-07-01 16:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 18:20 - 2009-07-01 16:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 16:58 - 2009-07-14 16:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 21:24 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-24 16:59 - 2009-10-25 18:20 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-03-21 18:20 - 2014-03-21 18:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 18:20 - 2014-03-21 18:20 - 00001307 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-03-21 18:20 - 2014-03-21 18:20 - 00000143 _____ () C:\Users\Public\Desktop\RealPlay.url
2014-03-21 18:20 - 2014-03-21 18:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 18:20 - 2014-03-21 18:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 18:20 - 2011-02-21 21:14 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-21 18:20 - 2009-10-15 18:11 - 00000000 ____D () C:\ProgramData\Real
2014-03-21 18:18 - 2014-03-21 18:18 - 00001109 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-21 18:17 - 2014-03-21 18:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-21 18:17 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Skype
2014-03-21 18:17 - 2012-12-01 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 18:17 - 2012-12-01 20:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-21 18:16 - 2012-04-12 09:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-21 18:16 - 2012-04-12 09:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-19 15:02 - 2013-08-15 17:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 15:00 - 2009-11-20 11:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 15:37 - 2013-04-14 11:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 19:04 - 2013-04-26 15:44 - 03057368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 19:02 - 2012-05-19 01:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 19:02 - 2012-05-19 01:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 07:17 - 2014-03-14 07:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 07:17 - 2014-03-14 07:16 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 07:17 - 2014-03-14 07:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 07:17 - 2012-09-14 09:15 - 00001826 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-14 07:16 - 2014-03-14 07:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 07:12 - 2009-07-16 11:47 - 00000000 ____D () C:\ProgramData\Apple
2014-03-14 07:10 - 2014-03-14 07:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-14 07:10 - 2012-11-16 07:25 - 00001888 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-13 21:25 - 2013-12-13 21:00 - 00000000 ____D () C:\Users\Richard Office\Desktop\New folder
2014-03-13 21:24 - 2014-03-13 21:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-12 10:56 - 2014-01-11 23:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:56 - 2014-01-11 23:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:56 - 2014-01-11 23:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 10:23 - 2014-01-30 08:56 - 00010901 _____ () C:\Users\Richard Office\Desktop\Lancer Sale to Michael.xlsx
2014-03-08 16:32 - 2009-04-10 04:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-07 06:59 - 2009-07-14 16:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 13:51 - 2009-04-26 16:50 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Adobe
2014-03-04 13:46 - 2013-09-17 22:27 - 00000000 ____D () C:\Program Files\McAfee
2014-03-04 13:46 - 2009-04-10 04:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-04 12:55 - 2014-03-04 12:55 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Citrix
2014-03-04 12:55 - 2014-03-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-04 12:55 - 2010-11-19 21:51 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Deployment
2014-03-04 12:36 - 2014-03-04 12:36 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\McAfee
2014-03-04 12:35 - 2009-04-10 04:23 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-04 12:34 - 2014-03-04 12:34 - 00541592 _____ (McAfee, Inc.) C:\Users\Richard Office\Desktop\MVTInstaller.exe

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
C:\Users\Richard Office\CC3up_1.30.0010.EXE

Some content of TEMP:
====================
C:\Users\Richard Office\AppData\Local\Temp\lowproc.exe
C:\Users\Richard Office\AppData\Local\Temp\nskB8E9.exe
C:\Users\Richard Office\AppData\Local\Temp\nsp5421.exe
C:\Users\Richard Office\AppData\Local\Temp\nsu59BD.exe
C:\Users\Richard Office\AppData\Local\Temp\nszB243.exe
C:\Users\Richard Office\AppData\Local\Temp\playpanel.exe
C:\Users\Richard Office\AppData\Local\Temp\Quarantine.exe
C:\Users\Richard Office\AppData\Local\Temp\SCC.dll
C:\Users\Richard Office\AppData\Local\Temp\sf5hqewj.dll
C:\Users\Richard Office\AppData\Local\Temp\stubhelper.dll
C:\Users\Richard Office\AppData\Local\Temp\{C6193681-692E-474E-86EA-E154B8E41F54}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 10:03

==================== End Of Log ============================



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:03 AM

Posted 07 April 2014 - 11:44 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 Dicko148

Dicko148
  • Topic Starter

  • Members
  • 42 posts
  • Local time:03:03 PM

Posted 08 April 2014 - 06:05 AM

This is what the (FRST.txt) showed. This is the 2nd time I have done it.

 

1st time results are above.

 

thanks

 

 

LastRegBack: 2014-03-30 09:03

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:03 AM

Posted 08 April 2014 - 11:17 AM

Hello,

 

This is not the full log. Please attach FRST.txt and Addition.txt to your next reply.

 

 

Regards,

Georgi




#5 Dicko148

Dicko148
  • Topic Starter

  • Members
  • 42 posts
  • Local time:03:03 PM

Posted 09 April 2014 - 03:34 AM

Thanks, did it again and it worked.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Richard Office (administrator) on RICHARDOFFIC-PC on 09-04-2014 18:11:27
Running from C:\Users\Richard Office\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
() C:\Programs\PartyGaming\PartyPoker\Uninstall.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-07-20] (Realtek Semiconductor)
HKLM\...\Run: [MRT] - C:\Windows\system32\MRT.exe [90655440 2014-04-09] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Advanced SystemCare Ultimate] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2519360 2013-12-31] (IObit)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Slick Savings] - C:\Users\Richard Office\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-05] (Google Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {0e3f61d4-348b-11e0-9dbb-c21e2c5e8269} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {c59deef9-6b01-11e0-b5b2-806e6f6e6963} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\RICHAR~1\AppData\Local\Temp\swvtvpr\smoxfbi\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A01F468464ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {20A46058-3A5B-4703-B05E-856160573F29} URL = http://au.search.yahoo.com/search?fr=mcafee&type=A011AU0&p={SearchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Richard Office\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Richard Office\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR Extension: (Entanglement Web App) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-28]
CHR Extension: (wxDfast) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn [2012-07-20]
CHR Extension: (SiteAdvisor) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-20]
CHR Extension: (Ads Removal) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-04-07]
CHR Extension: (RealDownloader) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-01]
CHR Extension: (Skype Click to Call) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-23]
CHR Extension: (Poppit) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-04-07]
CHR Extension: (Google Wallet) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [ekdjfcdinekpfcedakhpngcnaamhiihn] - C:\ProgramData\wxDfast\ekdjfcdinekpfcedakhpngcnaamhiihn.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Richard Office\AppData\Local\Slick Savings\coupons.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

S2 0250391397021463mcinstcleanup; C:\Windows\TEMP\025039~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [648000 2014-01-03] (IOBit)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S2 gupdate1c9d21c21846a51; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-05-11] (Google Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-06] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S4 MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [443752 2007-05-18] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [103992 2007-09-10] (Brother Industries Ltd.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [55552 2005-08-19] (Sonic Solutions)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
U5 PxHelp20; C:\Windows\SysWOW64\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions)
S1 vfmoqqlq; \??\C:\Windows\system32\drivers\vfmoqqlq.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 18:06 - 2014-04-09 18:11 - 00027114 _____ () C:\Users\Richard Office\Desktop\FRST.txt
2014-04-09 07:40 - 2014-03-31 11:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:40 - 2014-03-31 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:40 - 2014-03-31 09:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:39 - 2014-03-31 10:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:37 - 2014-03-04 19:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:37 - 2014-03-04 19:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:37 - 2014-03-04 19:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:37 - 2014-03-04 19:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:37 - 2014-03-04 19:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:37 - 2014-03-04 18:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:37 - 2014-03-04 18:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:37 - 2014-02-04 12:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:37 - 2014-02-04 12:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:37 - 2014-02-04 12:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:37 - 2014-02-04 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:37 - 2014-02-04 12:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:37 - 2014-01-24 12:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-09 07:01 - 2014-04-09 15:23 - 00063012 _____ () C:\Windows\setupact.log
2014-04-09 07:01 - 2014-04-09 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 07:00 - 2014-04-09 15:22 - 00005594 _____ () C:\Windows\PFRO.log
2014-04-08 20:56 - 2014-04-09 18:06 - 00000000 ____D () C:\Users\Richard Office\Desktop\New folder (2)
2014-04-08 20:55 - 2014-04-08 20:55 - 02157056 _____ (Farbar) C:\Users\Richard Office\Desktop\FRST64.exe
2014-04-08 20:03 - 2014-04-09 15:32 - 00001887 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-04-07 20:30 - 2014-04-07 20:30 - 00003130 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\ProductData
2014-04-07 19:39 - 2014-04-07 20:30 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-07 19:39 - 2014-04-07 19:39 - 00001256 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-07 19:38 - 2014-04-08 06:38 - 00002329 _____ () C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk
2014-04-07 19:38 - 2014-04-07 19:38 - 00002886 _____ () C:\Windows\System32\Tasks\ASC7U_SkipUac_Richard Office
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-04-07 19:34 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Slick Savings
2014-04-07 19:34 - 2014-04-07 19:34 - 00001216 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-04-07 19:34 - 2014-04-07 19:34 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Slick Savings
2014-04-06 18:41 - 2014-04-06 18:41 - 00000000 ____D () C:\Users\Richard Office\AppData\OICE_15_974FA576_32C1D314_BE5
2014-04-04 21:35 - 2014-04-08 06:38 - 00000000 ____D () C:\Users\Richard Office\Desktop\Desktop Cleanup 4-4-14
2014-04-04 21:29 - 2014-04-04 21:36 - 27264776 _____ (IObit ) C:\Users\Richard Office\Desktop\iobit-malware-fighter-setup.exe
2014-04-04 20:23 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\IObit
2014-04-04 20:23 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\IObit
2014-04-04 20:23 - 2014-04-07 19:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-04 19:56 - 2014-04-04 19:56 - 19362952 _____ (IObit ) C:\Users\Richard Office\Desktop\imfv2-setup-for-review.exe
2014-04-04 15:13 - 2014-04-04 15:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill64.exe
2014-04-03 21:17 - 2014-04-03 21:17 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill.exe
2014-04-03 20:26 - 2014-04-03 20:26 - 01426178 _____ () C:\Users\Richard Office\Desktop\AdwCleaner.exe
2014-04-03 19:04 - 2014-04-09 18:11 - 00000000 ____D () C:\FRST
2014-04-03 18:58 - 2014-04-04 20:47 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:21 - 2014-03-31 20:22 - 00000000 ___HD () C:\f7f0497
2014-03-31 20:20 - 2014-04-06 17:18 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Ifodo
2014-03-31 20:20 - 2014-03-31 20:25 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Otuwx
2014-03-31 20:20 - 2014-03-31 20:24 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Xereim
2014-03-31 20:20 - 2014-03-31 20:21 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Onsyke
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Yvyw
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Erkayc
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Equsus
2014-03-21 17:20 - 2014-03-21 17:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 06:16 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 06:10 - 2014-03-14 06:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-13 20:24 - 2014-03-13 20:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-13 16:48 - 2014-03-01 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:48 - 2014-03-01 14:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:48 - 2014-03-01 14:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:48 - 2014-03-01 14:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:48 - 2014-03-01 14:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:48 - 2014-03-01 14:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:48 - 2014-03-01 14:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:48 - 2014-03-01 14:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:48 - 2014-03-01 14:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:48 - 2014-03-01 14:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:48 - 2014-03-01 14:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:48 - 2014-03-01 14:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:48 - 2014-03-01 14:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:48 - 2014-03-01 13:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:48 - 2014-03-01 13:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:48 - 2014-03-01 13:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:48 - 2014-03-01 13:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:48 - 2014-03-01 13:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:48 - 2014-03-01 13:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:48 - 2014-03-01 13:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:48 - 2014-03-01 13:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:48 - 2014-03-01 13:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:48 - 2014-03-01 13:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:48 - 2014-03-01 13:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:48 - 2014-03-01 13:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:48 - 2014-03-01 13:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:48 - 2014-03-01 13:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:48 - 2014-03-01 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:48 - 2014-03-01 13:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:48 - 2014-03-01 13:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:48 - 2014-03-01 12:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:48 - 2014-03-01 12:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:48 - 2014-03-01 12:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:48 - 2014-03-01 12:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:48 - 2014-03-01 12:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 16:48 - 2014-03-01 12:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:48 - 2014-02-07 11:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:48 - 2014-01-29 12:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:48 - 2014-01-29 12:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:48 - 2014-01-28 12:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 16:45 - 2014-02-04 12:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:45 - 2014-02-04 12:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:45 - 2014-02-04 12:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:45 - 2014-02-04 12:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 18:11 - 2014-04-09 18:06 - 00027114 _____ () C:\Users\Richard Office\Desktop\FRST.txt
2014-04-09 18:11 - 2014-04-03 19:04 - 00000000 ____D () C:\FRST
2014-04-09 18:06 - 2014-04-08 20:56 - 00000000 ____D () C:\Users\Richard Office\Desktop\New folder (2)
2014-04-09 18:02 - 2014-03-04 13:02 - 00000000 ____D () C:\Users\Richard Office\Documents\Outlook Files
2014-04-09 18:02 - 2009-10-25 17:55 - 01194806 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 17:56 - 2014-01-11 22:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 17:25 - 2009-07-01 15:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 15:44 - 2014-02-10 06:13 - 00005038 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RichardOffic-PC-Richard Office RichardOffic-PC
2014-04-09 15:44 - 2009-10-25 17:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 15:44 - 2009-10-25 17:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 15:32 - 2014-04-08 20:03 - 00001887 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-04-09 15:30 - 2013-09-17 21:28 - 00000000 __RSD () C:\Users\Richard Office\Documents\McAfee Vaults
2014-04-09 15:26 - 2011-03-10 19:14 - 00000420 _____ () C:\Windows\Tasks\Free File Viewer Update Checker.job
2014-04-09 15:26 - 2009-07-01 15:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 15:24 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 15:23 - 2014-04-09 07:01 - 00063012 _____ () C:\Windows\setupact.log
2014-04-09 15:23 - 2012-08-14 20:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-09 15:22 - 2014-04-09 07:00 - 00005594 _____ () C:\Windows\PFRO.log
2014-04-09 15:01 - 2013-08-15 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 15:01 - 2009-11-20 10:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 12:24 - 2009-10-25 18:22 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1A7FB5C7-A9AF-4E0F-BAE6-F583749D89F4}
2014-04-09 07:47 - 2013-04-14 10:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-09 07:07 - 2014-04-07 19:34 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Slick Savings
2014-04-09 07:06 - 2009-07-14 15:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 07:02 - 2010-02-05 15:52 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-09 07:01 - 2014-04-09 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-08 20:55 - 2014-04-08 20:55 - 02157056 _____ (Farbar) C:\Users\Richard Office\Desktop\FRST64.exe
2014-04-08 06:38 - 2014-04-07 19:38 - 00002329 _____ () C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk
2014-04-08 06:38 - 2014-04-04 21:35 - 00000000 ____D () C:\Users\Richard Office\Desktop\Desktop Cleanup 4-4-14
2014-04-08 06:29 - 2009-01-24 15:36 - 00000000 ____D () C:\Users\Richard Office\Documents\Desktop Files
2014-04-08 06:24 - 2009-10-26 12:13 - 00000000 ____D () C:\Windows\Panther
2014-04-07 20:30 - 2014-04-07 20:30 - 00003130 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-04-07 20:30 - 2014-04-07 19:39 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\ProductData
2014-04-07 19:40 - 2014-04-04 20:23 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\IObit
2014-04-07 19:39 - 2014-04-07 19:39 - 00001256 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-07 19:39 - 2009-07-16 10:51 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Apple Computer
2014-04-07 19:38 - 2014-04-07 19:38 - 00002886 _____ () C:\Windows\System32\Tasks\ASC7U_SkipUac_Richard Office
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-04-07 19:38 - 2014-04-04 20:23 - 00000000 ____D () C:\ProgramData\IObit
2014-04-07 19:38 - 2014-04-04 20:23 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-07 19:34 - 2014-04-07 19:34 - 00001216 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-04-07 19:34 - 2014-04-07 19:34 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Slick Savings
2014-04-06 18:41 - 2014-04-06 18:41 - 00000000 ____D () C:\Users\Richard Office\AppData\OICE_15_974FA576_32C1D314_BE5
2014-04-06 17:18 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Ifodo
2014-04-05 14:17 - 2013-09-20 11:46 - 00000000 ____D () C:\Users\Richard Office\Documents\VirtualDJ
2014-04-04 22:13 - 2013-12-13 20:00 - 00000000 ___HD () C:\Users\Richard Office\Desktop\New folder
2014-04-04 21:46 - 2009-10-25 17:21 - 00000000 ___HD () C:\Users\Richard Office
2014-04-04 21:36 - 2014-04-04 21:29 - 27264776 _____ (IObit ) C:\Users\Richard Office\Desktop\iobit-malware-fighter-setup.exe
2014-04-04 20:47 - 2014-04-03 18:58 - 00000000 ____D () C:\AdwCleaner
2014-04-04 20:31 - 2010-08-30 20:09 - 00562176 ___SH () C:\Users\Richard Office\Thumbs.db
2014-04-04 20:15 - 2011-08-15 17:41 - 04143616 ___SH () C:\Users\Richard Office\Desktop\Thumbs.db
2014-04-04 19:56 - 2014-04-04 19:56 - 19362952 _____ (IObit ) C:\Users\Richard Office\Desktop\imfv2-setup-for-review.exe
2014-04-04 15:13 - 2014-04-04 15:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill64.exe
2014-04-04 06:30 - 2009-04-10 03:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-03 21:17 - 2014-04-03 21:17 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill.exe
2014-04-03 20:26 - 2014-04-03 20:26 - 01426178 _____ () C:\Users\Richard Office\Desktop\AdwCleaner.exe
2014-04-03 18:59 - 2009-08-21 13:36 - 00000000 ____D () C:\Program Files (x86)\MSN Games
2014-04-03 18:42 - 2009-08-04 19:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-03 18:29 - 2012-07-22 16:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Samsung
2014-04-03 18:29 - 2012-07-22 16:10 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-03 18:28 - 2009-04-10 03:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 17:57 - 2013-12-17 19:52 - 00000000 ____D () C:\ProgramData\Foresight Software
2014-04-03 17:53 - 2013-04-26 14:20 - 00007682 _____ () C:\Users\Richard Office\AppData\Local\resmon.resmoncfg
2014-04-02 18:57 - 2009-04-30 21:06 - 00000000 ____D () C:\Users\Richard Office\Documents\Richard's Docs
2014-04-01 18:44 - 2009-12-24 13:05 - 00003051 _____ () C:\InstallHelper.log
2014-04-01 18:39 - 2012-03-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Graboid
2014-04-01 18:38 - 2013-11-15 17:12 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\BitTorrent
2014-03-31 20:25 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Otuwx
2014-03-31 20:25 - 2009-07-07 20:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Real
2014-03-31 20:24 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Xereim
2014-03-31 20:22 - 2014-03-31 20:21 - 00000000 ___HD () C:\f7f0497
2014-03-31 20:22 - 2009-04-22 17:22 - 00000000 ___RD () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 20:21 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Onsyke
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Yvyw
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Erkayc
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Equsus
2014-03-31 11:16 - 2014-04-09 07:40 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 11:13 - 2014-04-09 07:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 10:13 - 2014-04-09 07:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 09:57 - 2014-04-09 07:40 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 19:13 - 2009-05-11 19:37 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Google
2014-03-29 17:20 - 2009-07-01 15:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 17:20 - 2009-07-01 15:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 20:24 - 2009-07-14 15:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-24 15:59 - 2009-10-25 17:20 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-03-21 17:20 - 2014-03-21 17:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 17:20 - 2011-02-21 20:14 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-21 17:20 - 2009-10-15 17:11 - 00000000 ____D () C:\ProgramData\Real
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-21 17:17 - 2012-12-01 19:44 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Skype
2014-03-21 17:17 - 2012-12-01 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 17:17 - 2012-12-01 19:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-21 17:16 - 2012-04-12 08:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-21 17:16 - 2012-04-12 08:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-17 19:02 - 2013-09-17 21:27 - 00070592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2014-03-17 18:54 - 2013-09-17 21:27 - 00345456 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-17 18:54 - 2012-04-14 05:15 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-17 18:49 - 2013-09-17 21:27 - 00783864 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-17 18:47 - 2013-09-17 21:27 - 00522360 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2014-03-17 18:45 - 2013-09-17 21:27 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-17 18:44 - 2013-09-17 21:27 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-03-14 18:04 - 2013-04-26 14:44 - 03057368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 18:02 - 2012-05-19 00:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 18:02 - 2012-05-19 00:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 06:16 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 06:12 - 2009-07-16 10:47 - 00000000 ____D () C:\ProgramData\Apple
2014-03-14 06:10 - 2014-03-14 06:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-13 20:24 - 2014-03-13 20:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-12 09:56 - 2014-01-11 22:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 09:56 - 2014-01-11 22:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 09:56 - 2014-01-11 22:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
C:\Users\Richard Office\CC3up_1.30.0010.EXE

Some content of TEMP:
====================
C:\Users\Richard Office\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 10:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Richard Office at 2014-04-09 18:32:12
Running from C:\Users\Richard Office\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Active Boot Disk (HKLM-x32\...\{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}) (Version: 5.1.3 - LSoft Technologies)
Active@ Password Changer Professional (HKLM-x32\...\Active@ Password Changer Professional) (Version: 4.0 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.4.0.28 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0828.2143 - )
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.1.487 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.1.2.525 - Online Media Technologies Ltd.)
AVS DVD Authoring (HKLM-x32\...\AVS DVD Authoring_is1) (Version:  - Online Media Technologies Ltd.)
AVS DVD Copy version 4.1.2 (HKLM-x32\...\AVS DVD Copy_is1) (Version:  - Online Media Technologies Ltd.)
AVS Image Converter 3.0.2.270 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.0.2.270 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.1.2.136 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.1.255 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.1.255 - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS System Info (HKLM-x32\...\AVS SystemInfo_is1) (Version:  - Online Media Technologies Ltd.)
AVS TV Recorder 2.1.3 (HKLM-x32\...\AVS TV Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.6.87 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.2.2.153 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.2.2.153 - Online Media Technologies Ltd.)
AVS YouTube Uploader version 2.1 (HKLM-x32\...\AVS YouTube Uploader 2.1_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.0.3 - )
BigPond Broadband ADSL (HKLM-x32\...\{433A39B0-380C-4634-93FE-12A812954F5B}) (Version: 9.2 - BigPond)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-3045CN (HKLM-x32\...\{E6862A94-FDB6-4486-8F38-17998A2BB1D7}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0828.2144.37162 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-core-static (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
ccc-utility64 (Version: 2008.0828.2144.37162 - ATI) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diamond Multimedia 12.4 2400-6900 & 7300 & 7700-7900 PCIe Win7Vista (HKLM-x32\...\Diamond Multimedia 12.4 2400-6900 & 7300 & 7700-7900 PCIe Win7Vista) (Version: 8.0.873.0 - Diamond Multimedia)
DMX-LightPlayer (HKLM-x32\...\InstallShield_{B2DEBD32-E6F4-4746-9F0E-C078427A6620}) (Version: 1.0 - Velleman)
DMX-LightPlayer (x32 Version: 1.0 - Velleman) Hidden
Dulux MyColour4 (HKCU\...\Dulux MyColour4) (Version:  - Dulux)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp Pro 7 (HKLM-x32\...\{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}) (Version: 2.1.6860 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImageMixer for HDD Camcorder (HKLM-x32\...\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}) (Version: 3.01.001 - PIXELA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Network Connections 16.3.48.0 (HKLM\...\PROSetDX) (Version: 16.3.48.0 - Intel)
Intel® Network Connections 16.3.48.0 (Version: 16.3.48.0 - Intel) Hidden
IObit Apps Toolbar v9.0 (HKLM-x32\...\{48C13178-64E2-4964-9927-B71A04074D08}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1172 - IObit)
iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KPG-87D (HKLM-x32\...\{27BD46FF-7A96-49D6-AE9E-B9044830CBC1}) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.4.0.5 - Logitech) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.944 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3026 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM-x32\...\{63AFACBC-4795-4A1B-8037-5085DC03FC54}) (Version: 1.40.164.0 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mojo Creation (HKLM-x32\...\{D3837993-C7BB-40B7-85C4-22F08D1FE08D}) (Version: 8.3.2371 - Digilabs)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Oberon Gamescape (HKLM-x32\...\Oberon Gamescape) (Version: 1.1.322.2 - Oberon Media Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{7CC978FD-AE31-419D-A7AB-2A137689AE1F}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealArcade (HKLM-x32\...\RealArcade) (Version:  - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Serato DJ  (HKLM-x32\...\{2f847b43-65de-4cc9-91bb-f89e12555b26}) (Version: 1.5.1.6 - )
Serato DJ  (x32 Version: 1.5.1.6 - Serato) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Suzuki Cross Reference (HKLM-x32\...\ST6UNST #1) (Version:  - )
Timez Attack Launcher (HKLM-x32\...\Timez Attack Launcher K) (Version: K - Big Brainz)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Password Reset Standard Demo 8.0.0 (HKLM-x32\...\{F43120F7-7DBF-4E10-BC9B-19373999AAF4}_is1) (Version:  - Windows Password Reset Standard Demo, Inc.)
Windows Password Unlocker Standard Trial 5.2.0.0 (HKLM-x32\...\{3FD67440-EF15-47C2-9FDD-B0DC3B8AD2D0}_is1) (Version:  - Password Unlocker Studio.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo!7 Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

09-04-2014 05:00:13 Windows Update

==================== Hosts content: ==========================

2006-11-02 22:34 - 2006-09-19 07:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06CDB954-20ED-498F-8D49-2C2952C148D9} - System32\Tasks\{03377710-C0E0-45D3-B4C3-201F73E7C25D} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0B13B903-A60D-49B8-B026-E87E6F1DAC12} - System32\Tasks\Vista Task Low => C:\Program Files (x86)\RealArcade\RealArcade.exe [2009-09-09] ()
Task: {139CE18F-4552-41A9-8374-A092AE7ADCA9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3416351590-979912566-1601476894-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1962C0B9-C78A-4B1D-BC06-6F9A9E6F5AAD} - System32\Tasks\ASC7U_SkipUac_Richard Office => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2014-01-06] (IObit)
Task: {2562ABCE-0A90-4227-8EC9-8B8A9064CBF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {2F508C2D-0556-46F5-8C3A-5E355F0652D0} - System32\Tasks\AdobeAAMUpdater-1.0-RichardOffic-PC-Richard Office => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {35E17C3A-6B62-4A0F-935E-60318B9567DC} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2013-11-29] (IObit)
Task: {3EB13F98-40DF-499A-9AFD-AB0F361B9BE1} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-05] (Bitberry Software)
Task: {4B8467C0-637B-4D83-A184-C0F651CE35C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3416351590-979912566-1601476894-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4BB3E01C-201E-456C-8911-D55D1A375825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-11] (Google Inc.)
Task: {547EE82B-07F0-4346-83C0-38252FBCA3E0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RichardOffic-PC-Richard Office RichardOffic-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-09] (Microsoft Corporation)
Task: {5B8891A3-F569-4FD0-AA17-9EC1A9737C6F} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe
Task: {64BFAACC-A6E6-48D7-8768-500AF54EA550} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-09] (Microsoft Corporation)
Task: {6995616A-CDB9-44C9-84AE-B3433EC270FB} - System32\Tasks\{7C783AFE-FEDE-485A-92E5-95D0FCBEAB43} => C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [2014-04-09] (Microsoft Corporation)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7B4C4A0B-6008-4AE7-828D-71258E146C8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-23] (Piriform Ltd)
Task: {99A49CC5-7895-41D5-B7F3-799C494ADBEE} - System32\Tasks\{552CE348-CCA5-40C2-9930-E2DFD33B32AF} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {A378774C-18A5-4EC7-9DA4-1E4A488BF06E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-14] (Microsoft Corporation)
Task: {BC44E123-C918-46E1-BE9B-D1A2C3F513A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C9D8928B-60BC-477F-8B66-6C6A0864440C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Richard Office => C:\Program Files\Windows Calendar\wincal.exe
Task: {D6B529B4-6E04-4380-9309-2CB00F92F3C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-11] (Google Inc.)
Task: {E8F29259-FA2E-4D8E-8BC7-CD77BF7452F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============



#6 B-boy/StyLe/

  • Malware Response Team

Posted 09 April 2014 - 06:04 AM

Hello,

The addition.txt log is cut off. Please post the full log.

Regards,

Georgi




#7 Dicko148


Posted 09 April 2014 - 06:29 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Richard Office at 2014-04-09 18:32:12
Running from C:\Users\Richard Office\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Active Boot Disk (HKLM-x32\...\{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}) (Version: 5.1.3 - LSoft Technologies)
Active@ Password Changer Professional (HKLM-x32\...\Active@ Password Changer Professional) (Version: 4.0 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.4.0.28 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0828.2143 - )
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.1.487 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.1.2.525 - Online Media Technologies Ltd.)
AVS DVD Authoring (HKLM-x32\...\AVS DVD Authoring_is1) (Version:  - Online Media Technologies Ltd.)
AVS DVD Copy version 4.1.2 (HKLM-x32\...\AVS DVD Copy_is1) (Version:  - Online Media Technologies Ltd.)
AVS Image Converter 3.0.2.270 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.0.2.270 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.1.2.136 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.1.255 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.1.255 - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS System Info (HKLM-x32\...\AVS SystemInfo_is1) (Version:  - Online Media Technologies Ltd.)
AVS TV Recorder 2.1.3 (HKLM-x32\...\AVS TV Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.6.87 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.2.2.153 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.2.2.153 - Online Media Technologies Ltd.)
AVS YouTube Uploader version 2.1 (HKLM-x32\...\AVS YouTube Uploader 2.1_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 1.5.0.3 - )
BigPond Broadband ADSL (HKLM-x32\...\{433A39B0-380C-4634-93FE-12A812954F5B}) (Version: 9.2 - BigPond)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-3045CN (HKLM-x32\...\{E6862A94-FDB6-4486-8F38-17998A2BB1D7}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0828.2144.37162 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2008.0828.2143.37162 - ATI) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-core-static (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
ccc-utility64 (Version: 2008.0828.2144.37162 - ATI) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diamond Multimedia 12.4 2400-6900 & 7300 & 7700-7900 PCIe Win7Vista (HKLM-x32\...\Diamond Multimedia 12.4 2400-6900 & 7300 & 7700-7900 PCIe Win7Vista) (Version: 8.0.873.0 - Diamond Multimedia)
DMX-LightPlayer (HKLM-x32\...\InstallShield_{B2DEBD32-E6F4-4746-9F0E-C078427A6620}) (Version: 1.0 - Velleman)
DMX-LightPlayer (x32 Version: 1.0 - Velleman) Hidden
Dulux MyColour4 (HKCU\...\Dulux MyColour4) (Version:  - Dulux)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp Pro 7 (HKLM-x32\...\{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}) (Version: 2.1.6860 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImageMixer for HDD Camcorder (HKLM-x32\...\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}) (Version: 3.01.001 - PIXELA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Network Connections 16.3.48.0 (HKLM\...\PROSetDX) (Version: 16.3.48.0 - Intel)
Intel® Network Connections 16.3.48.0 (Version: 16.3.48.0 - Intel) Hidden
IObit Apps Toolbar v9.0 (HKLM-x32\...\{48C13178-64E2-4964-9927-B71A04074D08}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1172 - IObit)
iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KPG-87D (HKLM-x32\...\{27BD46FF-7A96-49D6-AE9E-B9044830CBC1}) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.4.0.5 - Logitech) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.944 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3026 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM-x32\...\{63AFACBC-4795-4A1B-8037-5085DC03FC54}) (Version: 1.40.164.0 - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mojo Creation (HKLM-x32\...\{D3837993-C7BB-40B7-85C4-22F08D1FE08D}) (Version: 8.3.2371 - Digilabs)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Oberon Gamescape (HKLM-x32\...\Oberon Gamescape) (Version: 1.1.322.2 - Oberon Media Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{7CC978FD-AE31-419D-A7AB-2A137689AE1F}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealArcade (HKLM-x32\...\RealArcade) (Version:  - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Serato DJ  (HKLM-x32\...\{2f847b43-65de-4cc9-91bb-f89e12555b26}) (Version: 1.5.1.6 - )
Serato DJ  (x32 Version: 1.5.1.6 - Serato) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2008.0828.2144.37162 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Suzuki Cross Reference (HKLM-x32\...\ST6UNST #1) (Version:  - )
Timez Attack Launcher (HKLM-x32\...\Timez Attack Launcher K) (Version: K - Big Brainz)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Password Reset Standard Demo 8.0.0 (HKLM-x32\...\{F43120F7-7DBF-4E10-BC9B-19373999AAF4}_is1) (Version:  - Windows Password Reset Standard Demo, Inc.)
Windows Password Unlocker Standard Trial 5.2.0.0 (HKLM-x32\...\{3FD67440-EF15-47C2-9FDD-B0DC3B8AD2D0}_is1) (Version:  - Password Unlocker Studio.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo!7 Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

09-04-2014 05:00:13 Windows Update

==================== Hosts content: ==========================

2006-11-02 22:34 - 2006-09-19 07:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06CDB954-20ED-498F-8D49-2C2952C148D9} - System32\Tasks\{03377710-C0E0-45D3-B4C3-201F73E7C25D} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0B13B903-A60D-49B8-B026-E87E6F1DAC12} - System32\Tasks\Vista Task Low => C:\Program Files (x86)\RealArcade\RealArcade.exe [2009-09-09] ()
Task: {139CE18F-4552-41A9-8374-A092AE7ADCA9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3416351590-979912566-1601476894-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1962C0B9-C78A-4B1D-BC06-6F9A9E6F5AAD} - System32\Tasks\ASC7U_SkipUac_Richard Office => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2014-01-06] (IObit)
Task: {2562ABCE-0A90-4227-8EC9-8B8A9064CBF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {2F508C2D-0556-46F5-8C3A-5E355F0652D0} - System32\Tasks\AdobeAAMUpdater-1.0-RichardOffic-PC-Richard Office => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {35E17C3A-6B62-4A0F-935E-60318B9567DC} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2013-11-29] (IObit)
Task: {3EB13F98-40DF-499A-9AFD-AB0F361B9BE1} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-05] (Bitberry Software)
Task: {4B8467C0-637B-4D83-A184-C0F651CE35C8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3416351590-979912566-1601476894-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4BB3E01C-201E-456C-8911-D55D1A375825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-11] (Google Inc.)
Task: {547EE82B-07F0-4346-83C0-38252FBCA3E0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RichardOffic-PC-Richard Office RichardOffic-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-09] (Microsoft Corporation)
Task: {5B8891A3-F569-4FD0-AA17-9EC1A9737C6F} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe
Task: {64BFAACC-A6E6-48D7-8768-500AF54EA550} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-09] (Microsoft Corporation)
Task: {6995616A-CDB9-44C9-84AE-B3433EC270FB} - System32\Tasks\{7C783AFE-FEDE-485A-92E5-95D0FCBEAB43} => C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [2014-04-09] (Microsoft Corporation)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7B4C4A0B-6008-4AE7-828D-71258E146C8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-23] (Piriform Ltd)
Task: {99A49CC5-7895-41D5-B7F3-799C494ADBEE} - System32\Tasks\{552CE348-CCA5-40C2-9930-E2DFD33B32AF} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {A378774C-18A5-4EC7-9DA4-1E4A488BF06E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-14] (Microsoft Corporation)
Task: {BC44E123-C918-46E1-BE9B-D1A2C3F513A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C9D8928B-60BC-477F-8B66-6C6A0864440C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Richard Office => C:\Program Files\Windows Calendar\wincal.exe
Task: {D6B529B4-6E04-4380-9309-2CB00F92F3C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-11] (Google Inc.)
Task: {E8F29259-FA2E-4D8E-8BC7-CD77BF7452F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-15 14:32 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-14 10:34 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-09 07:20 - 2014-04-09 07:20 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-14 20:23 - 2013-03-15 14:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-07 19:39 - 2011-10-07 19:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2009-10-25 17:27 - 2009-10-25 17:27 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2014-04-07 19:38 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
2014-04-07 19:37 - 2013-11-14 16:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 19:38 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
2014-04-07 19:38 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
2014-04-07 19:38 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
2014-04-07 19:38 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
2014-04-09 07:17 - 2014-04-09 07:17 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Richard Office^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Advent Calendar.lnk => C:\Windows\pss\Jacquie Lawson Advent Calendar.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bluetooth HCI Monitor => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
MSCONFIG\startupreg: BrMfcWnd => "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSCONFIG\startupreg: MyWebSearch Plugin => rundll32 C:\PROGRA~2\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TurboLister Upgrade Helper => C:\Program Files (x86)\eBay\Turbo Lister2\helper.exe -redist

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 03:25:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 08:23:48 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/09/2014 07:50:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 07:06:08 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/09/2014 07:06:08 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/09/2014 07:02:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 07:02:09 AM) (Source: ESENT) (User: )
Description: taskhost (3184) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Richard Office\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/08/2014 09:21:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0xb294
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (04/08/2014 09:12:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00183244
Faulting process id: 0x7f44
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (04/08/2014 08:58:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00183244
Faulting process id: 0x88f4
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

System errors:
=============
Error: (04/09/2014 03:32:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (04/09/2014 03:29:58 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/09/2014 03:29:58 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/09/2014 03:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/09/2014 03:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/09/2014 03:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (04/09/2014 03:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (04/09/2014 03:29:17 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/09/2014 03:29:17 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/09/2014 03:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (04/09/2014 03:25:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 08:23:48 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/09/2014 07:50:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 07:06:08 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/09/2014 07:06:08 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/09/2014 07:02:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2014 07:02:09 AM) (Source: ESENT)(User: )
Description: taskhost3184WebCacheLocal: C:\Users\Richard Office\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (04/08/2014 09:21:21 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c000000500073244b29401cf531c8f1de663c:\program files\internet explorer\iexploreunknowne8cf1019-bf0f-11e3-af58-0024e811474d

Error: (04/08/2014 09:12:12 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c0000005001832447f4401cf531a75794da9c:\program files\internet explorer\iexploreunknowna1835cf8-bf0e-11e3-af58-0024e811474d

Error: (04/08/2014 08:58:46 PM) (Source: Application Error)(User: )
Description: iexplore0.0.0.04a5bc6b7unknown0.0.0.000000000c00000050018324488f401cf53190a7fc6f7c:\program files\internet explorer\iexploreunknownc10cb40d-bf0c-11e3-af58-0024e811474d

CodeIntegrity Errors:
===================================
  Date: 2013-02-18 20:50:01.762
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:50:01.610
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:59.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:59.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:56.326
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:56.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:53.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:53.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:51.117
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-18 20:49:50.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 16375.18 MB
Available physical RAM: 11197.17 MB
Total Pagefile: 32748.54 MB
Available Pagefile: 26836.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:130.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 B-boy/StyLe/

  • Malware Response Team

Posted 09 April 2014 - 07:25 AM

Hello,

 

 

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and uninstall Advanced SystemCare Ultimate 7.

Registry Editor / Cleaner Warning !!



The following is referring to Advanced SystemCare Ultimate 7, AVS Registry Cleaner and CCleaner.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

Next click on Start > type in appwiz.cpl in the search box and press Enter
Find and uninstall the following programs from the list as well:

 

IObit Malware Fighter => not recommended, see here
IObit Uninstaller => better use MSFixIt instead
File Type Assistant => adware program
IObit Apps Toolbar v9.0 => adware program
Slick Savings => adware program
Surfing Protection => adware program
 

 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

Regards,

Georgi




#9 Dicko148

  • Topic Starter

Posted 10 April 2014 - 01:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Richard Office at 2014-04-10 16:35:17 Run:1
Running from C:\Users\Richard Office\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
C:\Program Files (x86)\Common Files\Spigot
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Slick Savings] - C:\Users\Richard Office\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
C:\Users\Richard Office\AppData\Roaming\Slick Savings
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: E - E:\SETUP.EXE
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {0e3f61d4-348b-11e0-9dbb-c21e2c5e8269} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: {c59deef9-6b01-11e0-b5b2-806e6f6e6963} - J:\PcOptions.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\RICHAR~1\AppData\Local\Temp\swvtvpr\smoxfbi\wow.dll ATTENTION! ====> ZeroAccess?
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Richard Office\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Richard Office\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Extension: (wxDfast) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn [2012-07-20]
CHR Extension: (Ads Removal) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-04-07]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [ekdjfcdinekpfcedakhpngcnaamhiihn] - C:\ProgramData\wxDfast\ekdjfcdinekpfcedakhpngcnaamhiihn.crx [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Richard Office\AppData\Local\Slick Savings\coupons.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
S1 vfmoqqlq; \??\C:\Windows\system32\drivers\vfmoqqlq.sys [X]
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Ikam] - "C:\Users\Richard Office\AppData\Local\Temp\Tiewwo\ikam.exe" <===== ATTENTION
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [bozlosjorodo] - C:\Users\Richard Office\bozlosjorodo.exe
C:\Users\Richard Office\bozlosjorodo.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [nilyqakuvago] - C:\Users\Richard Office\nilyqakuvago.exe
C:\Users\Richard Office\nilyqakuvago.exe
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [Regedit32] - C:\Windows\system32\regedit.exe
C:\Windows\system32\regedit.exe
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-04-09 07:07 - 2014-04-09 07:07 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-07 19:34 - 2014-04-09 07:07 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Slick Savings
Folder: C:\f7f0497
2014-03-31 20:20 - 2014-04-06 17:18 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Ifodo
2014-03-31 20:20 - 2014-03-31 20:25 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Otuwx
2014-03-31 20:20 - 2014-03-31 20:24 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Xereim
2014-03-31 20:20 - 2014-03-31 20:21 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Onsyke
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Yvyw
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Erkayc
2014-03-31 20:20 - 2014-03-31 20:20 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Equsus
AlternateDataStreams: C:\ProgramData\TEMP:147DA06A
AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F
AlternateDataStreams: C:\ProgramData\TEMP:18FCA3F2
AlternateDataStreams: C:\ProgramData\TEMP:2B059D79
AlternateDataStreams: C:\ProgramData\TEMP:3095BD69
AlternateDataStreams: C:\ProgramData\TEMP:42CAFB06
AlternateDataStreams: C:\ProgramData\TEMP:46D2C03C
AlternateDataStreams: C:\ProgramData\TEMP:4911BB5C
AlternateDataStreams: C:\ProgramData\TEMP:4A077D87
AlternateDataStreams: C:\ProgramData\TEMP:56AB0B90
AlternateDataStreams: C:\ProgramData\TEMP:6DCFAD3B
AlternateDataStreams: C:\ProgramData\TEMP:75E7048E
AlternateDataStreams: C:\ProgramData\TEMP:7AC6D7F1
AlternateDataStreams: C:\ProgramData\TEMP:7AE4DA2E
AlternateDataStreams: C:\ProgramData\TEMP:7C0CBD4C
AlternateDataStreams: C:\ProgramData\TEMP:7EE43C06
AlternateDataStreams: C:\ProgramData\TEMP:80234CE0
AlternateDataStreams: C:\ProgramData\TEMP:8AB86A68
AlternateDataStreams: C:\ProgramData\TEMP:8C885EDD
AlternateDataStreams: C:\ProgramData\TEMP:8F7ECF6A
AlternateDataStreams: C:\ProgramData\TEMP:956EC010
AlternateDataStreams: C:\ProgramData\TEMP:9B3382E2
AlternateDataStreams: C:\ProgramData\TEMP:A5E0BCE9
AlternateDataStreams: C:\ProgramData\TEMP:AA7BE830
AlternateDataStreams: C:\ProgramData\TEMP:CF54F1CA
AlternateDataStreams: C:\ProgramData\TEMP:E8C4808B
AlternateDataStreams: C:\ProgramData\TEMP:EA43B001
AlternateDataStreams: C:\ProgramData\TEMP:EB3A09D6
AlternateDataStreams: C:\ProgramData\TEMP:F00E008B
C:\Users\Richard Office\AppData\Local\Temp
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value not found.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Slick Savings => Value not found.
"C:\Users\Richard Office\AppData\Roaming\Slick Savings" => File/Directory not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3416351590-979912566-1601476894-1000 => Key not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3f61d4-348b-11e0-9dbb-c21e2c5e8269} => Key deleted successfully.
HKCR\CLSID\{0e3f61d4-348b-11e0-9dbb-c21e2c5e8269} => Key not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59deef9-6b01-11e0-b5b2-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{c59deef9-6b01-11e0-b5b2-806e6f6e6963} => Key not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key not found.
HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.
HKCR\Wow6432Node\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key not found.
HKCR\Wow6432Node\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => Key not found.
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value not found.
HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Value not found.
HKCR\Wow6432Node\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn => Moved successfully.
C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen directory not found.
C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn => Key deleted successfully.
"C:\ProgramData\wxDfast\ekdjfcdinekpfcedakhpngcnaamhiihn.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
C:\Users\Richard Office\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Key deleted successfully.
"C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
vfmoqqlq => Service deleted successfully.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ikam => Value not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bozlosjorodo => Value not found.
"C:\Users\Richard Office\bozlosjorodo.exe" => File/Directory not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nilyqakuvago => Value not found.
"C:\Users\Richard Office\nilyqakuvago.exe" => File/Directory not found.
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 => Value not found.
"C:\Windows\system32\regedit.exe" => File/Directory not found.
"C:\Program Files (x86)\IObit Apps Toolbar" => File/Directory not found.
"C:\Program Files (x86)\Application Updater" => File/Directory not found.
"C:\Users\Richard Office\AppData\Roaming\Slick Savings" => File/Directory not found.

========================= Folder: C:\f7f0497 ========================

====== End of Folder: ======

C:\Users\Richard Office\AppData\Roaming\Ifodo => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Otuwx => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Xereim => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Onsyke => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Yvyw => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Erkayc => Moved successfully.
C:\Users\Richard Office\AppData\Roaming\Equsus => Moved successfully.
C:\ProgramData\TEMP => ":147DA06A" ADS removed successfully.
C:\ProgramData\TEMP => ":1677AB3F" ADS removed successfully.
C:\ProgramData\TEMP => ":18FCA3F2" ADS removed successfully.
C:\ProgramData\TEMP => ":2B059D79" ADS removed successfully.
C:\ProgramData\TEMP => ":3095BD69" ADS removed successfully.
C:\ProgramData\TEMP => ":42CAFB06" ADS removed successfully.
C:\ProgramData\TEMP => ":46D2C03C" ADS removed successfully.
C:\ProgramData\TEMP => ":4911BB5C" ADS removed successfully.
C:\ProgramData\TEMP => ":4A077D87" ADS removed successfully.
C:\ProgramData\TEMP => ":56AB0B90" ADS removed successfully.
C:\ProgramData\TEMP => ":6DCFAD3B" ADS removed successfully.
C:\ProgramData\TEMP => ":75E7048E" ADS removed successfully.
C:\ProgramData\TEMP => ":7AC6D7F1" ADS removed successfully.
C:\ProgramData\TEMP => ":7AE4DA2E" ADS removed successfully.
C:\ProgramData\TEMP => ":7C0CBD4C" ADS removed successfully.
C:\ProgramData\TEMP => ":7EE43C06" ADS removed successfully.
C:\ProgramData\TEMP => ":80234CE0" ADS removed successfully.
C:\ProgramData\TEMP => ":8AB86A68" ADS removed successfully.
C:\ProgramData\TEMP => ":8C885EDD" ADS removed successfully.
C:\ProgramData\TEMP => ":8F7ECF6A" ADS removed successfully.
C:\ProgramData\TEMP => ":956EC010" ADS removed successfully.
C:\ProgramData\TEMP => ":9B3382E2" ADS removed successfully.
C:\ProgramData\TEMP => ":A5E0BCE9" ADS removed successfully.
C:\ProgramData\TEMP => ":AA7BE830" ADS removed successfully.
C:\ProgramData\TEMP => ":CF54F1CA" ADS removed successfully.
C:\ProgramData\TEMP => ":E8C4808B" ADS removed successfully.
C:\ProgramData\TEMP => ":EA43B001" ADS removed successfully.
C:\ProgramData\TEMP => ":EB3A09D6" ADS removed successfully.
C:\ProgramData\TEMP => ":F00E008B" ADS removed successfully.



#10 B-boy/StyLe/

  • Malware Response Team

Posted 10 April 2014 - 06:45 AM

Hello,

 

 

Please run a new scan with FRST and post back the fresh logs.

Also let me know how things are now.

 

 

Regards,

Georgi




#11 Dicko148

  • Topic Starter

Posted 10 April 2014 - 01:27 PM

Has improved a lot. Still a little slow on startup, but much better than before.

COM surrogate process has gone, thank God.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Richard Office (administrator) on RICHARDOFFIC-PC on 11-04-2014 04:24:58
Running from C:\Users\Richard Office\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-21] (RealNetworks, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-05] (Google Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: E - E:\SETUP.EXE
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A01F468464ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {20A46058-3A5B-4703-B05E-856160573F29} URL = http://au.search.yahoo.com/search?fr=mcafee&type=A011AU0&p={SearchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR Extension: (Entanglement Web App) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-28]
CHR Extension: (SiteAdvisor) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-20]
CHR Extension: (RealDownloader) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-01]
CHR Extension: (Skype Click to Call) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-23]
CHR Extension: (Poppit) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-28]
CHR Extension: (Google Wallet) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]



#12 B-boy/StyLe/

  • Malware Response Team

Posted 11 April 2014 - 03:16 AM

Hello,

 

The log is cut off. Please attach the log to your next reply!

 

As for the slow startup you can try this:

 

Type msconfig in the start menu, then hit enter.
Go to the startup tab and then uncheck the following lines:

RtHDVCpl
StartCCC
BingDesktop
APSDaemon
Adobe ARM
QuickTime Task
iTunesHelper
TkBellExe

and any programs that you don't need to load with Windows.
Click the "Apply" button and click "OK" to close the MSCONFIG window.
Restart your computer to save the changes you made to the Startup.
You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.
Also please download MyDefrag.
Double-click the file to install the program, then double-click the "MyDefrag.exe" to run the program.
Click on "System Disk Monthly" and check the box for your C: drive and your system reserved partition.

Next, click the Run button at the bottom.

 

This process can take up to an hour or even more!

When it is done, it will display finished on the screen.

Close the program by clicking on the red cross.

Please remember to reboot when the scan completes.

 

You can check the steps here as well:

 

Optimize Windows 7 for better performance

Check this article for more information.

 

 

 

Regards,

Georgi



#13 Dicko148

  • Topic Starter


Posted 11 April 2014 - 03:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Richard Office (administrator) on RICHARDOFFIC-PC on 11-04-2014 04:24:58
Running from C:\Users\Richard Office\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-21] (RealNetworks, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-05] (Google Inc.)
HKU\S-1-5-21-3416351590-979912566-1601476894-1000\...\MountPoints2: E - E:\SETUP.EXE
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A01F468464ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {20A46058-3A5B-4703-B05E-856160573F29} URL = http://au.search.yahoo.com/search?fr=mcafee&type=A011AU0&p={SearchTerms}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR Extension: (Entanglement Web App) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-28]
CHR Extension: (SiteAdvisor) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-07-20]
CHR Extension: (RealDownloader) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-01]
CHR Extension: (Skype Click to Call) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-23]
CHR Extension: (Poppit) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-28]
CHR Extension: (Google Wallet) - C:\Users\Richard Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

S2 0320151397154046mcinstcleanup; C:\Windows\TEMP\032015~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S2 gupdate1c9d21c21846a51; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-05-11] (Google Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-06] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S4 MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [443752 2007-05-18] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [103992 2007-09-10] (Brother Industries Ltd.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [55552 2005-08-19] (Sonic Solutions)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 PxHelp20; C:\Windows\SysWOW64\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-11 04:24 - 2014-04-11 04:25 - 00020207 _____ () C:\Users\Richard Office\Desktop\FRST.txt
2014-04-10 16:14 - 2014-04-10 16:14 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-09 07:40 - 2014-03-31 11:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:40 - 2014-03-31 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:40 - 2014-03-31 09:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:39 - 2014-03-31 10:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:37 - 2014-03-04 19:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:37 - 2014-03-04 19:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:37 - 2014-03-04 19:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:37 - 2014-03-04 19:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:37 - 2014-03-04 19:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:37 - 2014-03-04 19:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:37 - 2014-03-04 18:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:37 - 2014-03-04 18:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:37 - 2014-02-04 12:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:37 - 2014-02-04 12:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:37 - 2014-02-04 12:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:37 - 2014-02-04 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:37 - 2014-02-04 12:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:37 - 2014-01-24 12:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 07:01 - 2014-04-11 04:03 - 00157530 _____ () C:\Windows\setupact.log
2014-04-09 07:01 - 2014-04-09 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 07:00 - 2014-04-10 16:41 - 00008662 _____ () C:\Windows\PFRO.log
2014-04-08 20:56 - 2014-04-11 04:24 - 00000000 ____D () C:\Users\Richard Office\Desktop\New folder (2)
2014-04-08 20:55 - 2014-04-08 20:55 - 02157056 _____ (Farbar) C:\Users\Richard Office\Desktop\FRST64.exe
2014-04-08 20:03 - 2014-04-11 04:23 - 00001887 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\ProductData
2014-04-07 19:39 - 2014-04-10 16:16 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-04-07 19:34 - 2014-04-10 16:35 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Slick Savings
2014-04-06 18:41 - 2014-04-06 18:41 - 00000000 ____D () C:\Users\Richard Office\AppData\OICE_15_974FA576_32C1D314_BE5
2014-04-04 21:35 - 2014-04-10 17:45 - 00000000 ____D () C:\Users\Richard Office\Desktop\Desktop Cleanup 4-4-14
2014-04-04 20:23 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\IObit
2014-04-04 20:23 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\IObit
2014-04-04 20:23 - 2014-04-07 19:38 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-04 15:13 - 2014-04-04 15:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill64.exe
2014-04-03 21:17 - 2014-04-03 21:17 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill.exe
2014-04-03 20:26 - 2014-04-03 20:26 - 01426178 _____ () C:\Users\Richard Office\Desktop\AdwCleaner.exe
2014-04-03 19:04 - 2014-04-11 04:24 - 00000000 ____D () C:\FRST
2014-04-03 18:58 - 2014-04-04 20:47 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:21 - 2014-03-31 20:22 - 00000000 ___HD () C:\f7f0497
2014-03-21 17:20 - 2014-03-21 17:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 06:16 - 2014-03-14 06:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 06:16 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 06:10 - 2014-03-14 06:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-13 20:24 - 2014-03-13 20:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-13 16:48 - 2014-03-01 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:48 - 2014-03-01 14:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:48 - 2014-03-01 14:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:48 - 2014-03-01 14:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:48 - 2014-03-01 14:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:48 - 2014-03-01 14:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:48 - 2014-03-01 14:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:48 - 2014-03-01 14:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:48 - 2014-03-01 14:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:48 - 2014-03-01 14:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:48 - 2014-03-01 14:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:48 - 2014-03-01 14:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:48 - 2014-03-01 14:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:48 - 2014-03-01 13:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:48 - 2014-03-01 13:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:48 - 2014-03-01 13:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:48 - 2014-03-01 13:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:48 - 2014-03-01 13:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:48 - 2014-03-01 13:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:48 - 2014-03-01 13:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:48 - 2014-03-01 13:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:48 - 2014-03-01 13:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:48 - 2014-03-01 13:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:48 - 2014-03-01 13:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:48 - 2014-03-01 13:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:48 - 2014-03-01 13:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:48 - 2014-03-01 13:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:48 - 2014-03-01 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:48 - 2014-03-01 13:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:48 - 2014-03-01 13:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:48 - 2014-03-01 12:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:48 - 2014-03-01 12:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:48 - 2014-03-01 12:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:48 - 2014-03-01 12:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:48 - 2014-03-01 12:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 16:48 - 2014-03-01 12:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:48 - 2014-02-07 11:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:48 - 2014-01-29 12:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:48 - 2014-01-29 12:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:48 - 2014-01-28 12:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 16:45 - 2014-02-04 12:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:45 - 2014-02-04 12:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:45 - 2014-02-04 12:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:45 - 2014-02-04 12:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-11 04:25 - 2014-04-11 04:24 - 00020207 _____ () C:\Users\Richard Office\Desktop\FRST.txt
2014-04-11 04:25 - 2009-07-01 15:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 04:24 - 2014-04-08 20:56 - 00000000 ____D () C:\Users\Richard Office\Desktop\New folder (2)
2014-04-11 04:24 - 2014-04-03 19:04 - 00000000 ____D () C:\FRST
2014-04-11 04:23 - 2014-04-08 20:03 - 00001887 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-04-11 04:23 - 2014-02-10 06:13 - 00005038 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RichardOffic-PC-Richard Office RichardOffic-PC
2014-04-11 04:21 - 2014-03-04 13:02 - 00000000 ____D () C:\Users\Richard Office\Documents\Outlook Files
2014-04-11 04:20 - 2009-04-10 03:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-11 04:13 - 2009-10-25 17:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 04:13 - 2009-10-25 17:17 - 00010048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 04:07 - 2013-09-17 21:28 - 00000000 __RSD () C:\Users\Richard Office\Documents\McAfee Vaults
2014-04-11 04:04 - 2009-07-01 15:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 04:03 - 2014-04-09 07:01 - 00157530 _____ () C:\Windows\setupact.log
2014-04-11 04:03 - 2012-08-14 20:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-11 04:03 - 2011-03-10 19:14 - 00000420 _____ () C:\Windows\Tasks\Free File Viewer Update Checker.job
2014-04-11 04:03 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 20:31 - 2009-10-25 17:55 - 01261596 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 20:03 - 2009-04-30 21:06 - 00000000 ____D () C:\Users\Richard Office\Documents\Richard's Docs
2014-04-10 19:56 - 2014-01-11 22:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 17:45 - 2014-04-04 21:35 - 00000000 ____D () C:\Users\Richard Office\Desktop\Desktop Cleanup 4-4-14
2014-04-10 16:59 - 2013-08-15 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 16:59 - 2013-04-26 14:20 - 00007659 _____ () C:\Users\Richard Office\AppData\Local\resmon.resmoncfg
2014-04-10 16:41 - 2014-04-09 07:00 - 00008662 _____ () C:\Windows\PFRO.log
2014-04-10 16:35 - 2014-04-07 19:34 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Slick Savings
2014-04-10 16:16 - 2014-04-07 19:39 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-10 16:14 - 2014-04-10 16:14 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-04-10 15:03 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 13:15 - 2009-10-25 18:22 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1A7FB5C7-A9AF-4E0F-BAE6-F583749D89F4}
2014-04-09 15:01 - 2009-11-20 10:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 07:47 - 2013-04-14 10:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-09 07:06 - 2009-07-14 15:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 07:02 - 2010-02-05 15:52 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-09 07:01 - 2014-04-09 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-08 20:55 - 2014-04-08 20:55 - 02157056 _____ (Farbar) C:\Users\Richard Office\Desktop\FRST64.exe
2014-04-08 06:29 - 2009-01-24 15:36 - 00000000 ____D () C:\Users\Richard Office\Documents\Desktop Files
2014-04-08 06:24 - 2009-10-26 12:13 - 00000000 ____D () C:\Windows\Panther
2014-04-07 19:40 - 2014-04-07 19:40 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\ProductData
2014-04-07 19:40 - 2014-04-04 20:23 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\IObit
2014-04-07 19:39 - 2009-07-16 10:51 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Apple Computer
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-04-07 19:38 - 2014-04-07 19:38 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-04-07 19:38 - 2014-04-04 20:23 - 00000000 ____D () C:\ProgramData\IObit
2014-04-07 19:38 - 2014-04-04 20:23 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-06 18:41 - 2014-04-06 18:41 - 00000000 ____D () C:\Users\Richard Office\AppData\OICE_15_974FA576_32C1D314_BE5
2014-04-05 14:17 - 2013-09-20 11:46 - 00000000 ____D () C:\Users\Richard Office\Documents\VirtualDJ
2014-04-04 22:13 - 2013-12-13 20:00 - 00000000 ___HD () C:\Users\Richard Office\Desktop\New folder
2014-04-04 21:46 - 2009-10-25 17:21 - 00000000 ___HD () C:\Users\Richard Office
2014-04-04 20:47 - 2014-04-03 18:58 - 00000000 ____D () C:\AdwCleaner
2014-04-04 20:31 - 2010-08-30 20:09 - 00562176 ___SH () C:\Users\Richard Office\Thumbs.db
2014-04-04 20:15 - 2011-08-15 17:41 - 04143616 ___SH () C:\Users\Richard Office\Desktop\Thumbs.db
2014-04-04 15:13 - 2014-04-04 15:13 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill64.exe
2014-04-03 21:17 - 2014-04-03 21:17 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Richard Office\Desktop\rkill.exe
2014-04-03 20:26 - 2014-04-03 20:26 - 01426178 _____ () C:\Users\Richard Office\Desktop\AdwCleaner.exe
2014-04-03 18:59 - 2009-08-21 13:36 - 00000000 ____D () C:\Program Files (x86)\MSN Games
2014-04-03 18:42 - 2009-08-04 19:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-03 18:29 - 2012-07-22 16:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Samsung
2014-04-03 18:29 - 2012-07-22 16:10 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-03 18:28 - 2009-04-10 03:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 17:57 - 2013-12-17 19:52 - 00000000 ____D () C:\ProgramData\Foresight Software
2014-04-01 18:39 - 2012-03-26 21:57 - 00000000 ____D () C:\Program Files (x86)\Graboid
2014-04-01 18:38 - 2013-11-15 17:12 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\BitTorrent
2014-03-31 20:25 - 2009-07-07 20:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Real
2014-03-31 20:22 - 2014-03-31 20:21 - 00000000 ___HD () C:\f7f0497
2014-03-31 20:22 - 2009-04-22 17:22 - 00000000 ___RD () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 11:16 - 2014-04-09 07:40 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 11:13 - 2014-04-09 07:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 10:13 - 2014-04-09 07:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 09:57 - 2014-04-09 07:40 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 19:13 - 2009-05-11 19:37 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Google
2014-03-29 17:20 - 2009-07-01 15:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 17:20 - 2009-07-01 15:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 20:24 - 2009-07-14 15:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-24 15:59 - 2009-10-25 17:20 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-03-21 17:20 - 2014-03-21 17:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-21 17:20 - 2014-03-21 17:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-21 17:20 - 2011-02-21 20:14 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-21 17:20 - 2009-10-15 17:11 - 00000000 ____D () C:\ProgramData\Real
2014-03-21 17:17 - 2014-03-21 17:17 - 00000000 ____D () C:\Users\Richard Office\AppData\Local\Skype
2014-03-21 17:17 - 2012-12-01 19:44 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Skype
2014-03-21 17:17 - 2012-12-01 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 17:17 - 2012-12-01 19:43 - 00000000 ____D () C:\ProgramData\Skype
2014-03-21 17:16 - 2012-04-12 08:22 - 00000000 ____D () C:\Users\Richard Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-21 17:16 - 2012-04-12 08:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-17 19:02 - 2013-09-17 21:27 - 00070592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2014-03-17 18:54 - 2013-09-17 21:27 - 00345456 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-17 18:54 - 2012-04-14 05:15 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-17 18:49 - 2013-09-17 21:27 - 00783864 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-17 18:47 - 2013-09-17 21:27 - 00522360 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2014-03-17 18:45 - 2013-09-17 21:27 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-17 18:44 - 2013-09-17 21:27 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
2014-03-14 18:04 - 2013-04-26 14:44 - 03057368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 18:02 - 2012-05-19 00:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 18:02 - 2012-05-19 00:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iTunes
2014-03-14 06:17 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-14 06:16 - 2014-03-14 06:16 - 00000000 ____D () C:\Program Files\iPod
2014-03-14 06:12 - 2009-07-16 10:47 - 00000000 ____D () C:\ProgramData\Apple
2014-03-14 06:10 - 2014-03-14 06:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-13 20:24 - 2014-03-13 20:24 - 00000000 ___RD () C:\Users\Richard Office\Documents\Notes
2014-03-12 09:56 - 2014-01-11 22:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 09:56 - 2014-01-11 22:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 09:56 - 2014-01-11 22:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
C:\Users\Richard Office\CC3up_1.30.0010.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 10:04

==================== End Of Log ============================



#14 Dicko148

Dicko148
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:03:03 PM

Posted 11 April 2014 - 03:29 AM

Thanks for the tips, will do them and let you know how I am going.

Sorry for last post not being complete.



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:03 AM

Posted 11 April 2014 - 03:48 AM

Hello,

No worries. :)

Btw you can uninstall the following applications as well in order to boost the system performance (if you don't use them):

Bing Bar
Bing Desktop
Skype Click to Call
Dell Dock
Yahoo! Software Update
Yahoo!7 Toolbar

Also we need to run another fixlist to remove some remnants from adware programs:

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Btw...I am just curious...any idea why you have nVidia and AMD/Ati drivers installed? Did you change your video card and forget to uninstall the unneeded drivers?

Regards,

Georgi

